Hi using laravel 4.2 on an apache server
I'm trying to secure sections of my site with SSL - I'd like to serve certain pages through https and leave the rest of the site as plain http.
I've created a link to a secure page with this
<a href="{{ secure_url(URL::route('user.profile', [], false)) }}" title=""><i class="fa fa-user"></i> My Profile</a>
I've created a route with:
Route::get('user/profile', array(
'https',
'as'=>'user.profile',
'uses' => 'UserController@show'
));
This works - so happy with that.
However if I then follow a link on that page to a non secure route it continues trying to serve as https rather than http.
Is it possible to serve some pages as http and others as https? How can I then get non secure links to use http (if in an https view)
I'm confused with https - bit of a new venture for me. Most reference I can find seem to refer to serving the whole site under https which isnt quite what I want
Eventuially I want to ensure pages such as login, contact forms etc are served under https and information pages are served under http
Any references, best practice etc appreciated
How did you create those links to a HTTPS page? For relative links it is the normal behaviour to adopt the to the protocol of the current page.
It is indeed a good idea to serve the whole site with HTTPS, switching between HTTP and HTTPS is a tricky thing. There is for example the session id which is normally passed with a cookie. This cookie can only be sent to HTTPS pages, otherwise you expose the session id. Of course you will loose the session then. I wrote a small article about Switching between HTTP and HTTPS where i tried to explain this a bit more indepth.
Why not just always have HTTPS on and keep everything secure? If you have it there is no point not to.
I have been struggling with this problem for the last 30 minutes. The options as I see them.
1) Set everything to https
pros: everything secure, simple once setup
cons: Have to change web server to force https if it is setup to work with both (which mine is atm). Also need to generate self signed cert for local dev.
how: URL::secureAsset which is a shortcut to URL::asset('link' , true) ... this executes faster than other helpers, apparently
2) Check for secure in Router or Controller and Have multiple Views
pros: flexible (works with both), dont have to generate self signed certs, can still force https on prod when we get to it
cons: maintain multiple views
how: before view is loaded >> if (Request::secure()) then load different views
3) Check for secure in Router or Controller and pass parameter to the View
pros: flexible (works with both), dont have to generate self signed certs, can still force https on prod when we get to it
cons: Add some more code to the view?
how: before view is loaded >> if (Request::secure()) then pass true/false to view. must use URL::asset('link' , true) obviously.
Think I am going with #3 :)
Hi, I have also problems with using HTTPS urls. I want to put a couple of views under SSL... like this example
Route::get('test', array( 'https', function() { return View::make('test'); } ));
And my link: <a href="{{ secure_url('test', $parameters = array()) }}" title="">test</a>
I made a route like above in routes.php and I made the view 'test' in my folder 'views', but I got a error (403 - forbidden)..
I'm working on a shared server (Apache) and outside Laravel I use a folder called 'private_html' where I put secure html or php files into. I have Laravel installed at the root (above this 'private_html' folder).. Anyone a solution of what I have to do to let this work?
with regards, Gerard
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast